diff options
author | Florence Blanc-Renaud <flo@redhat.com> | 2016-12-20 16:21:58 +0100 |
---|---|---|
committer | David Kupka <dkupka@redhat.com> | 2017-03-02 15:09:42 +0100 |
commit | 9e24918c89f30a6d7064844dc0dd848bb35140df (patch) | |
tree | 42d9144b5aaba9bb9ee33e0bd405e4734adbcc5e /ipaserver/plugins/user.py | |
parent | 22d7492c94837342a559c368454c223f566490ac (diff) | |
download | freeipa-9e24918c89f30a6d7064844dc0dd848bb35140df.tar.gz freeipa-9e24918c89f30a6d7064844dc0dd848bb35140df.tar.xz freeipa-9e24918c89f30a6d7064844dc0dd848bb35140df.zip |
Support for Certificate Identity Mapping
See design http://www.freeipa.org/page/V4/Certificate_Identity_Mapping
https://fedorahosted.org/freeipa/ticket/6542
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver/plugins/user.py')
-rw-r--r-- | ipaserver/plugins/user.py | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py index 88171cf40..2d29dfb11 100644 --- a/ipaserver/plugins/user.py +++ b/ipaserver/plugins/user.py @@ -22,7 +22,6 @@ import time from time import gmtime, strftime import posixpath import os - import six from ipalib import api @@ -46,7 +45,9 @@ from .baseuser import ( baseuser_add_cert, baseuser_remove_cert, baseuser_add_principal, - baseuser_remove_principal) + baseuser_remove_principal, + baseuser_add_certmapdata, + baseuser_remove_certmapdata) from .idviews import remove_ipaobject_overrides from ipalib.plugable import Registry from .baseldap import ( @@ -179,6 +180,7 @@ class user(baseuser): 'secretary', 'usercertificate', 'usersmimecertificate', 'x500uniqueidentifier', 'inetuserhttpurl', 'inetuserstatus', + 'ipacertmapdata', }, 'fixup_function': fix_addressbook_permission_bindrule, }, @@ -366,6 +368,13 @@ class user(baseuser): }, 'default_privileges': {'PassSync Service'}, }, + 'System: Manage User Certificate Mappings': { + 'ipapermright': {'write'}, + 'ipapermdefaultattr': {'ipacertmapdata', 'objectclass'}, + 'default_privileges': { + 'Certificate Identity Mapping Administrators' + }, + }, } takes_params = baseuser.takes_params + ( @@ -1185,6 +1194,16 @@ class user_remove_cert(baseuser_remove_cert): @register() +class user_add_certmapdata(baseuser_add_certmapdata): + __doc__ = _("Add one or more certificate mappings to the user entry.") + + +@register() +class user_remove_certmapdata(baseuser_remove_certmapdata): + __doc__ = _("Remove one or more certificate mappings from the user entry.") + + +@register() class user_add_manager(baseuser_add_manager): __doc__ = _("Add a manager to the user entry") |